LastPass Patched A Bug That Could Have Exposed Users To Malicious Sites

Image source: www.zdnet.com

LastPass has just launched a patch for a bug that could help harmful sites extract passwords using the service’s browser extension.

Luckily enough, Google Project Zero researcher Tavis Ormandy discovered the bug and informed the company soon enough about the risks.

According to a ZDNet report, LastPass came up with a patch to avoid the expansion of the bug. Therefore, an automatic update was deployed to all browsers, so by updating the latest version, you’ll be safe.

According to LastPass, only the Opera and Chrome browsers were affected by the bug. However, the bug was patched with the version 4.33.0 for all bowsers, just to be safe.

Ferenc Kun, who works as Security Engineering Manager for LastPass, confirmed that the exploit was based on a user visiting a harmful website and being tricked into clicking on the page numerous times.

Considering the fact that password managers can still be compromised by security problems, two-factor authentication might be a good idea.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

To Top